Trium918 Posted May 14, 2007 Share Posted May 14, 2007 I named the subject this because I am new to the upload feature. What I am trying to do is gather all the information needed in order to create a functional/secure uploading system. I would appreciate you all suggestions. Thanks! Quote Link to comment Share on other sites More sharing options...
Lumio Posted May 14, 2007 Share Posted May 14, 2007 http://www.php.net/manual/features.file-upload.php will help you Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 14, 2007 Author Share Posted May 14, 2007 Thanks, Lumio! Are there any programming tips for certain problems tha I should be aware of? Quote Link to comment Share on other sites More sharing options...
lewis987 Posted May 14, 2007 Share Posted May 14, 2007 limit file type and size... apart from that, make sure you use MySQL to record all files uploaded Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 14, 2007 Author Share Posted May 14, 2007 limit file type and size... apart from that, make sure you use MySQL to record all files uploaded Would this fall under the security and are there other issues as well? Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 14, 2007 Author Share Posted May 14, 2007 What am I missing? Need some guidance. <?php $uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); echo '<pre>'; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } echo 'Here is some more debugging info:'; print_r($_FILES); print "</pre>"; ?> This is the result that I am getting. Possible file upload attack! Here is some more debugging info:Array ( [userfile] => Array ( [name] => logout.txt [type] => text/plain [tmp_name] => C:\WINDOWS\TEMP\php228.tmp [error] => 0 [size] => 882 ) ) Quote Link to comment Share on other sites More sharing options...
marf Posted May 15, 2007 Share Posted May 15, 2007 hrm, typically how I did file upload (mind you this was some time ago) was using the copy(), and then unlink() functions. Perhaps they are oldschool, but try this <?php $uploaddir = '/var/www/uploads/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); echo '<pre>'; if (copy($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { unlink($_FILES['userfile']['tmp_name']; echo "Possible file upload attack!\n"; } echo 'Here is some more debugging info:'; print_r($_FILES); print "</pre>"; ?> Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 15, 2007 Author Share Posted May 15, 2007 I need for someone to explain to me in full how would I use the $_FILES array in the code below. Thanks! <?php $_FILES['userfile']['name'] $_FILES['userfile']['type'] $_FILES['userfile']['size'] $_FILES['userfile']['tmp_name'] ?> Quote Link to comment Share on other sites More sharing options...
Lumio Posted May 15, 2007 Share Posted May 15, 2007 http://www.php.net/manual/features.file-upload.php $_FILES['userfile']['name'] The original name of the file on the client machine. $_FILES['userfile']['type'] The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted. $_FILES['userfile']['size'] The size, in bytes, of the uploaded file. $_FILES['userfile']['tmp_name'] The temporary filename of the file in which the uploaded file was stored on the server. $_FILES['userfile']['error'] The error code associated with this file upload. This element was added in PHP 4.2.0 For example: <?php if(move_uploaded_file($_FILES['upload_file']['tmp_name'], "./my_dir/".$_FILES['upload_file']['name'])) { $size = intval($_FILES['upload_file']['size']); $sizes = array('Byte', 'KB', 'MB', 'GB', 'TB'); $unit = 0; while ($size >= 1024) { if ($unit < (count($sizes)-1) ) { $size /= 1024; $unit++; }else break; } $size = round($size,2); echo $size.$sizes[$unit]; echo 'Uploaded <i>'.$_FILES['upload_file']['name'].'</i>'; }else echo 'Error'; ?> Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 15, 2007 Author Share Posted May 15, 2007 http://www.php.net/manual/features.file-upload.php $_FILES['userfile']['name'] The original name of the file on the client machine. $_FILES['userfile']['type'] The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted. $_FILES['userfile']['size'] The size, in bytes, of the uploaded file. $_FILES['userfile']['tmp_name'] The temporary filename of the file in which the uploaded file was stored on the server. $_FILES['userfile']['error'] The error code associated with this file upload. This element was added in PHP 4.2.0 For example: <?php if(move_uploaded_file($_FILES['upload_file']['tmp_name'], "./my_dir/".$_FILES['upload_file']['name'])) { $size = intval($_FILES['upload_file']['size']); $sizes = array('Byte', 'KB', 'MB', 'GB', 'TB'); $unit = 0; while ($size >= 1024) { if ($unit < (count($sizes)-1) ) { $size /= 1024; $unit++; }else break; } $size = round($size,2); echo $size.$sizes[$unit]; echo 'Uploaded <i>'.$_FILES['upload_file']['name'].'</i>'; }else echo 'Error'; ?> Thanks, Lumio! ['name'],['type'],['size'],['tmp_name'] are there like properties of the $_FILES or will the script work if they were renamed? Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 15, 2007 Author Share Posted May 15, 2007 Can anyone explain to me why this script is adding the file upload to the picture that is being uploaded? Example: $idir = "C:\Program Files\Apache Group\Apache2\htdocs\web\upload"; uploadpicture.pjpeg I am trying to get it to go in the folder upload as picture.pjpeg <?php if($_POST['submit']) { if(($_FILES["userfile"]["type"] == "image/gif") ||($_FILES["userfile"]["type"]== "image/pjpeg")) { if ($_FILES["userfile"]["error"] > 0) { echo "Return Code: " . $_FILES["userfile"]["error"] . "<br />"; } else{ echo "Upload: " . $_FILES["userfile"]["name"] . "<br />"; echo "Type: " . $_FILES["userfile"]["type"] . "<br />"; echo "Size: " . ($_FILES["userfile"]["size"] / 1024) . " Kb<br />"; echo "Stored in: " . $_FILES["userfile"]["tmp_name"]; } # Path To Images Directory $idir = "C:\Program Files\Apache Group\Apache2\htdocs\web\upload"; if (file_exists("$idir" . $_FILES["userfile"]["name"])) { echo $_FILES["userfile"]["name"] . " already exists. "; } else{ move_uploaded_file($_FILES["userfile"]["tmp_name"], "$idir" . $_FILES["userfile"]["name"]); echo "Stored in: " . "$idir" . $_FILES["userfile"]["name"]; } } else {die("Invalid File");} } ?> Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 16, 2007 Author Share Posted May 16, 2007 I need some help debugging this please! I the problem is this script. The entire script is after the first code block. <?php // read photo $TempFileName = $_FILES['userfile']['tmp_name']; // temporary file at server side $TempFile = fopen($TempFileName, "are"); $BinaryPhoto = fread($TempFile, filesize($TempFileName)); // Try to read image $OldErrorReporting = error_reporting(E_ALL & ~(E_WARNING)); // ingore warnings //This is the line that is not allowing the page to excute. $SourceImage = imagecreatefromstring($BinaryPhoto); // try to create image error_reporting($OldErrorReporting); ?> <?php if($_POST['submit']) { $PhotoFileName = $_FILES["userfile"]["name"]; // get client side file name $FileNameParts = explode(".", $PhotoFileName); $FileExtension = end($FileNameParts); // part behind last dot if ($FileExtension != "jpg" && $FileExtension != "JPEG" && $FileExtension != "JPG" && $FileExtension != "gif"){ die ("Choose a JPG or GIF for the photo"); } //else { echo "Thats it!";} $PhotoSize = $_FILES['userfile']['size']; // size of uploaded file if ($PhotoSize == 0){ die ("Sorry. The upload of $sPhotoFileName has failed. Search a photo smaller than 100K, using the button."); } if ($PhotoSize > 102400){ die ("Sorry. The file $sPhotoFileName is larger than 100K. Advice: reduce the photo using a drawing tool."); } // read photo $TempFileName = $_FILES['userfile']['tmp_name']; // temporary file at server side $TempFile = fopen($TempFileName, "are"); $BinaryPhoto = fread($TempFile, filesize($TempFileName)); } // Try to read image $OldErrorReporting = error_reporting(E_ALL & ~(E_WARNING)); // ingore warnings $SourceImage = imagecreatefromstring( ,$BinaryPhoto); // try to create image error_reporting($OldErrorReporting); if (!$SourceImage){ // error, image is not a valid jpg die ("Sorry. It was not possible to read photo $sPhotoFileName. Choose another photo in JPG format."); } } echo "Test Line"; ?> Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 16, 2007 Author Share Posted May 16, 2007 Can anyone help me to debug this? Please!!! Quote Link to comment Share on other sites More sharing options...
Lumio Posted May 17, 2007 Share Posted May 17, 2007 What does not work? Give us errormessages? Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 17, 2007 Author Share Posted May 17, 2007 What does not work? Give us errormessages? I figure it out. I needed the GD Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.